Return to protonvpn.com Facebook   Twitter   Reddit   Instagram   Mastodon   ProtonMail
Support Center / DNS leaks and how they compromise your privacy

DNS leaks and how they compromise your privacy

VPNs are a good way to protect your online activity and privacy. However, they are not impenetrable. There are certain weaknesses that can compromise your identity even if you use a VPN. One such vulnerability is a DNS leak.

What is DNS?

You can think of the domain name system (DNS) as the Internet’s phonebook. It links URLs, the web addresses that humans use, like www.protonvpn.com, to Internet Protocol (IP) addresses, the web addresses computers use, like 185.70.40.231. When you type an URL into your browser, it sends out a request that is directed to the correct IP address. This makes DNS one of the foundations of the Internet.

What causes DNS leaks?

DNS lookups run in the background and do not require any interaction from the user once the request has been initiated. Typically, your computer will use the DNS servers provided by your Internet service provider (ISP). Because you must perform a DNS lookup each time you visit a website, the operators of the DNS server you are using can monitor every single site that you visit.

However, even if you use a third-party DNS server or your own DNS server, your ISP will still be able to monitor your DNS requests if they are not encrypted.

Other causes of DNS leakage

VPNs will encrypt your DNS requests along with the rest of your Internet traffic but there are several situations that could lead to DNS leaks and expose your online activity.

  • You manually configured your VPN connection: If you have set up your own VPN connection, there is a much higher risk of DNS leaks if the DNS settings are misconfigured.
  • An intruder controls your router: If you are using public Wi-Fi, an intruder could trick your device into sending its DNS requests outside the encrypted VPN connection.
  • Your connection to the VPN server is interrupted: If you lose connection to your VPN service, then your DNS requests could be sent to your ISP to be resolved.

How to test for DNS leaks

The easiest way to test for a DNS leak is to go to www.dnsleaktest.com and run a free test. It will tell you your device’s IP address and your rough location. You should run two tests, one before you activate your VPN service and one after, to ensure that your online privacy is protected. If both tests turn out the same results, then your VPN service is not protecting your DNS requests.

ProtonVPN DNS leak protection

We do not use third party DNS servers (we operate our own DNS servers) and we always route all your DNS queries through our encrypted VPN tunnel. Our native apps have a default DNS leak protection feature that forces your Internet connection to resolve DNS queries via our DNS servers. We also go a step further with our Kill Switch feature, which blocks all network connections in case you lose connection to our VPN server. This way ProtonVPN keeps you protected even when you get accidentally disconnected.

DNS leaks are simple to find and easy to prevent but they can undermine your online privacy and security. Be sure to only use trustworthy VPN services, use the recommended settings, and test for DNS leaks regularly.

Post Comment

6 comments

  1. Hello

    What is your DNS server?
    As of Plus user, I connected Proton with my router. I want to find out how to ensure my DNS server setting is connected with Proton to aviod unleakable.

    Thanks!

  2. ProtonVPN Team

    Hey, all of the DNS requests are resolved on the server itself so each VPN server is running a DNS server. The address is 10.8.8.1 for UDP connections and 10.7.7.1 for TCP connections.

  3. frank

    do you log for dns queries ?

  4. ProtonVPN Team

    Hello Frank, since DNS queries are resolved on the server itself, they are also encrypted and not logged as per our security policies.

  5. Peter

    When I performed the extended look-up on the DNS leak test site.

    This displayed my beginning IP and the Protonmail secure core

    Why?

  6. ProtonVPN Team

    Hello Peter, that should not happen so please send the results to our support team. https://protonvpn.com/support-form

Leave a Reply

Your email address will not be published. Required fields are marked *

Don't find your answer? We're happy to help you!     Contact Our Support Team

Secure Your Internet Today

Get ProtonVPN